Prevent Insecure Booting Of Your Mac

maxphunk writes "So you can boot anyone's Mac using a CD or (for newer machines) mount the hard drive using target disk mode. Therefore, your machine isn't secure, right? Stock, yes; otherwise, no. Apple has a neato utility described here that eliminates this problem and more, using Open Firmware Password Protection. I have installed it on my iBook (late 2001) and I am definitely pleased with the results." It requires Mac OS X 10.1 or greater, and prevents things like starting up in single user mode, verbose mode, resetting PRAM, and more.

Good, Basic Protection

[Spencerian]

For the record, I'm an Apple Service Technician, so I'm not quite talking out of the side of my face.

Open Firmware protection has been around since the Blue & White G3 (maybe the original G3) but wasn't really endorsed by Apple until now. I think they really wanted to make a formal way to configure it. Before this, users had to boot into OF and enter some arcane commands.

Basically, all Macs made since late 1999 work with this, but original and Blue & White G3s as well as early iMacs (made in 1998 and 1999) don't qualify. That doesn't mean you can't attempt to use the OF password features available on these systems, just that you may not be able to use Apple's utility to configure it since the firmware versions don't match.

As someone already said, all bets are off when a hacker has physical access to the computer. But, combined with physical deterrents such as locks and proper security (rlogin off, password on screen saver, proper admin and user accounts, etc.), this really helps teachers and other sysadmins who need to keep kiddies or college kids from overriding the system's security and installing or copying stuff.

Apple hardware has really needed this for a long time, and I couldn't endorse it until Apple did since it's a CYA thing.